A partial fix for this problem is now available at
http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-host-verify.patch
It does not include the destination IP pinning available in the 3.2
series fix it was based on, so it is not a full fix, but it does include
the IP verification checks.
This bug has not been publicly addressed upstream and has been marked as
'minor' by several other distributions' Security Teams.
Workarounds for admins and users are listed in the CERT KB
http://www.kb.cert.org/vuls/id/435052
Regards,
L
--
Luigi Gangitano -- lu...@debian.org --
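
The two ideas named in the thread above, Host/IP verification and destination IP pinning, as a simplified added illustration. This is not Squid's code or part of the original messages; the function names, the resolver hook and the constructed DNS table are assumptions.

```python
import ipaddress

# Constructed sample DNS data (documentation address ranges), not real records.
SAMPLE_DNS = {
    "www.example.org": ["198.51.100.7", "198.51.100.8"],
    "intranet.example": ["192.0.2.10"],
}

def sample_resolve(name):
    """Hypothetical resolver hook: returns the addresses known for a name."""
    return SAMPLE_DNS.get(name, [])

def split_host_port(value, default_port=80):
    """Split a Host header into (host, port); port is None when malformed."""
    value = value.strip()
    if value.startswith("["):                      # bracketed IPv6 literal
        host, _, rest = value[1:].partition("]")
        port = rest[1:] if rest.startswith(":") else rest
    elif value.count(":") == 1:
        host, _, port = value.partition(":")
    else:
        host, port = value, ""
    host = host.lower().rstrip(".")
    if port == "":
        return host, default_port
    return host, int(port) if port.isdigit() else None

def verify_host(host_header, orig_dst_ip, orig_dst_port, resolve=sample_resolve):
    """Check a Host header against the address the client really connected to.

    Returns (verified, forward_to, cacheable).
    """
    dst = ipaddress.ip_address(orig_dst_ip)
    host, port = split_host_port(host_header)
    try:
        candidates = {ipaddress.ip_address(host)}  # Host is an IP literal
    except ValueError:
        candidates = {ipaddress.ip_address(a) for a in resolve(host)}
    verified = port == orig_dst_port and dst in candidates
    # Pinning (in this sketch): the upstream connection always goes to the
    # intercepted destination, never to whatever the Host header resolves to.
    # An unverified response is not stored under the Host-based URL.
    return verified, (str(dst), orig_dst_port), verified
```
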
Package: squid3
Version: 3.0.PRE5-5
Severity: important
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for squid.
CVE-2009-0801[0]:
| Squid, when transparent interception mode is enabled, uses the HTTP
| Host header to determine the remote endpoint,